Changelog

2017.03.06..2017.03.07

project android/
737ba21 manifest: track packageinstaller
65d822d Manifest for Android 7.1.1 Release 28

project bionic/
e046081 Check for bad packets in getaddrinfo.c's getanswer.

project build/
e22d5db N6F26U
722ccd6 N6F26T
88463b6 N6F26S
a6da47e Updating Security String to 2017-03-05 on nyc-dev
9aee59b Updating Security String to 2017-03-01 on nyc-dev
8a89878 N6F26R
e225344 Update Security String to 2017-02-05 on nyc-dev
8e84b75 Update Security String to 2017-02-01 on nyc-dev
cf7e2da N6F26Q
a618563 Updating Security String to 2017-01-05 on nyc-dev
1a90283 Updating Security String to 2017-01-01 on nyc-dev

project device/moto/shamu/
c32f000 Shamu: Update build fingerprint to N6F26U
67b5be4 Revert "Revert "Revert "Path fix for backend connection to FE upon call disconnection"""
8e88ad7 Revert "audio: fix headset + speaker path"

project external/libavc/
6aac820 Decoder: Padded gau1_ih264d_top_left_mb_part_indx_mod to avoid an out of bound read
0a4463e Decoder: Fix in checking first_mb_in_slice
4a61d15 Decoder: Increase memory allocation for weights & offsets for interlaced clips
19814b7 Decoder: Fixed DoS in header decode when no PPS is present
0340381 Decoder: Initialize ps_cur_slice->u1_mbaff_frame_flag correctly for error cases
85c0ec4 Decoder: Fixed an out of bound access while parsing SEI
21851ea Decoder: Fix in MB count in MBAff error handling
aa78b96 Call ih264d_deblock_display only for valid process calls
ec9ab83 Decoder: Fixed allocation of ps_dec->ps_nbr_mb_row
fd9a12f Decoder: Fixed cur_mb_info initialization in error cases
a467b1f Decoder: Fix in error concealment in the case of Mbaff clips
0e8b1df Decoder: Fix in the case of error in the first MB in frame.
c4f1525 Decoder: Fix in returning incomplete frame error
3695b6b Decoder: Fix initialization of ps_next_dpb during reference list creation
cf606f3 Decoder: Fix in checking for valid profile flags

project external/libgdx/
fba04a5 Fix buffer overflows
c156e72 Fix security vulnerability

project external/libhevc/
dfa7251 Added check for invalid log2_max_transform_block_size in SPS
3a64694 Fixed handling invalid chroma tu size for error clips
f22345d Fixed out of bound reads in stack variables
e20f6b8 Fix in Chroma SAO for non-multiple of 8 height
b25d141 Handle invalid slice_address in slice header

project external/libnfc-nci/
c67cc6a Fix native crash in nfc_ncif_proc_activate

project external/libnl/
77a7bed libnl: Check data length in nla_reserve / nla_put

project external/libopus/
1ad8009 Ensure that NLSF cannot be negative when computing a min distance between them

project external/libvpx/
6f5927d libvpx: Cherry-pick 1961a92 from upstream
145f317 vp8:fix threading issues

project external/skia/
8888cbf DO NOT MERGE Do not create an SkRawCodec with zero dimensions

project external/tremolo/
a4327f0 Tremolo: fix ARM assembly code for decode_map type 3 case

project frameworks/av/
5cabe32 avc_utils: skip empty NALs from malformed bistreams
8415635 DO NOT MERGE - audioflinger: fix recursive mutex lock in EffectHandle.
bc62c08 Don't initialize sync sample parameters until the end
22e26d8 DO NOT MERGE - improve audio effect framwework thread safety
048ba59 Fix security vulnerability: potential OOB write in audioserver
bab10e4 Effect: Use local cached data for Effect commit
e684672 Fix security vulnerability: Effect command might allow negative indexes
4adf91c Make VBRISeeker more robust
70b95dd Effects: Check get parameter command size
cdd16c8 DO NOT MERGE: defensive parsing of mp3 album art information
adb8603 Fix security vulnerability: Equalizer command might allow negative indexes
a09eaa0 stagefright: remove allottedSize equality check in IOMX::useBuffer
0e1e9f4 Visualizer: Check capture size and latency parameters

project frameworks/base/
7261a92 Fix issue with saving admins before finishing loading.
618391b resolve merge conflicts of ad4aa1ce7d3d to nyc-mr1-dev
d22261f Fix exploit where can hide the fact that a location was mocked am: a206a0f17e am: d417e54872 am: 3380a77516 am: 0a8978f04b am: 1684e5f344 am: d28eef0cc2 am: 1f458fdc66 am: d82f8a67fc am: 1ac8affd51 am: 56098f81b6 am: 7cec76de0f am: 2da05d0f9e
f4bed68 [DO NOT MERGE] Prevent crash from early Toast surface destruction.
5f621b5 Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
1c4d535 Prevent writing to FRP partition during factory reset.
593144f [DO NOT MERGE] Fix vulnerability in MemoryIntArray - fix build file
de5747d Fix vulnerability in MemoryIntArray
a66099e DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
4df434d DO NOT MERGE: Check provider access for content changes.
faf904b Zygote : Block SIGCHLD during fork.
c4b8272 Fix idmap leak in zygote process
7f0c2c8 Zygote: Additional whitelisting for legacy devices.
f522425 Zygote: Additional whitelists for runtime overlay / other static resources.
def0efd Public volumes belong to a single user.
25ddf85 Add SafetyNet logging to DHCP packet parsing
ec129c3 Reject DHCP packets with no magic cookie
c28117b Catch runtime exceptions when parsing DHCP packets

project frameworks/ex/
7c824f1 resolve merge conflicts of 89cdd4cb to mnc-dev
30ee0df resolve merge conflicts of 3802db4 to mnc-dev

project frameworks/native/
541b1eb Correct overflow check in Parcel resize code
74dae33 Fix security vulneratibly 31960359
509fb5c Fix SF security vulnerability: 32706020
38ac668 Fix SF security vulnerability: 32660278
9a8df9a Fix integer overflow in unsafeReadTypedVector

project frameworks/opt/net/wifi/
41c42f5 configparse: do not delete passpoint configuration file

project hardware/libhardware/
9f0e940 Fix security vulnerability: potential OOB write in audioserver

project hardware/qcom/audio/
7e12c89 Fix security vulnerability: Effect command might allow negative indexes
a0bfcdb Fix security vulnerability: Equalizer command might allow negative indexes

project kernel/moto/shamu/
ed17190 Revert "Revert "Revert "Fix backend connection to FE upon call disconnection"""
01a0544 msm: crypto: fix issues on digest buf and copy_from_user in qcedev.c
188c310 msm: camera: sensor: Validate eeprom_name string length
52debac msm: cpp: Fix for buffer overflow in cpp.
53d7de5 msm: camera: fix bound check of offset to avoid overread overwrite
4e9fbb4 ANDROID: ion: check for kref overflow
64a013d msm: kgsl: Reserve a context ID slot but don't populate immediately
4dbb902 net: rmnet_data: Fix incorrect netlink handling
037161c UPSTREAM: l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
370b0c6 UPSTREAM: net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
09f3f0b UPSTREAM: packet: fix race condition in packet_set_ring
efe4631 msm: ipa: Update IPA rule temp buffer size
5a85ae5 net: ipc_router: Register services only on client port

project kernel/oneplus/msm8996/
8f12bed msm: ipa: Update IPA rule temp buffer size
7695667 net: rmnet_data: Fix incorrect netlink handling
65a9727 msm: ADSPRPC: Buffer length to be copied is truncated
0328ff0 UPSTREAM: l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
bb73dca qcacld-2.0: Fix array out-of-bounds & integer underflow in _iw_set_genie
9b90ece qcacld-2.0: Add buf len check in wlan_hdd_cfg80211_testmode
6f05f17 soc: qcom: fingerprint: keep QSEE handle in kernel space
7985a03 qcacld-2.0: Remove obsolete set/reset ssid hotlist
6910534 ANDROID: ion: check for kref overflow
668be20 input: misc: fix heap overflow issue in hbtp_input.c
8b5f4bd mpi: Fix NULL ptr dereference in mpi_powm() [ver #3]
6bc7b51 ASoC: msm-lsm-client: cleanup ioctl functions
ac6995f enable ARCH_HAS_ELF_RANDOMIZE again
423d559 msm: ipa: Prevent multiple header deletion from user space
cc36c35 QBT1000: copy qseecom handle to user when loading/unloading app
a60ed5f QBT1000: check for null pointer before copying command
daee31d ALSA: pcm : Call kill_fasync() in stream lock
9d566d7 ANDROID: sdcardfs: support direct-IO (DIO) operations
bcd6893 ANDROID: sdcardfs: implement vm_ops->page_mkwrite
bdebf0a ANDROID: sdcardfs: Don't bother deleting freelist
de73bf4 ANDROID: sdcardfs: Add missing path_put
2bd2849 ANDROID: sdcardfs: Fix incorrect hash
23e0fb8 ANDROID: Refactor fs readpage/write tracepoints.
da76da0 ANDROID: fs: FS tracepoints to track IO.
327d374 ANDROID: ext4 crypto: Disables zeroing on truncation when there's no key
c0ab657 ANDROID: binder: fix format specifier for type binder_size_t
14915fc Squashfs: optimize reading uncompressed data
004fdca Squashfs: implement .readpages()
c35bd3b Squashfs: replace buffer_head with BIO
63973e0 Squashfs: refactor page_actor
61068aa Squashfs: remove the FILE_CACHE option
c0bddb3 ANDROID: sdcardfs: Switch strcasecmp for internal call
96b1243 ANDROID: sdcardfs: switch to full_name_hash and qstr
708d331 ANDROID: sdcardfs: Add GID Derivation to sdcardfs
af537ef ANDROID: sdcardfs: Remove redundant operation
bc2a5a4 ANDROID: sdcardfs: add support for user permission isolation
ad59916 ANDROID: sdcardfs: Refactor configfs interface
c5e5dc8 ANDROID: sdcardfs: Allow non-owners to touch
a3ce3ec UPSTREAM: FROMLIST: 9p: fix a potential acl leak
8fc5f8a BACKPORT: posix_acl: Clear SGID bit when setting file permissions
40e4592 BACKPORT: Input: xpad - validate USB endpoint count during probe
577051d BACKPORT: Input: xpad - fix oops when attaching an unknown Xbox One gamepad
967cdee ASoC:[Backported msm-4.4r9] msm: fix ULL playback over a2dp
2fa3081 ASoC:[Backported msm-4.4r9] wcd-spi: fix clock disable request during shutdown
396d82a ASoC:[Backported msm-4.4r9] wcd9335: Add dapm ignore suspend for codec dai
28fff5f ASoC:[Backported msm-4.4r9] wcd-dsp-mgr: fix restart logic when codec comes back online
251b54a ASoC:[Backported msm-4.4r9] wcd9335: Fix register sequence for CPE configuration
746cbdd ASoC:[Backported msm-4.4r9] wcd-spi: Add memory read debug support
e3621fa ASoC:[Backported msm-4.4r9] wcd-spi: fix the maximum transfer unit setting
4f3fd12 ASoc:[Backported msm-4.4r9] wcd9335: Ignore mbhc get impedance error
4108d5c ASoC:[Backported msm-4.4r9] wcd-spi: Initialize local variables before usage
8ef0653 ASoC:[Backported msm-4.4r9] wcd-spi: Move one time initializations to component bind
a8bec8d ASoC:[Backported msm-4.4r9] wcd-dsp-mgr: set status before broadcasting post events
5b0c09e ASoC:[Backported msm-4.4r9] wcd-spi: fix clock disable
7160bdc ASoC:[Backported msm-4.4r9] wcd-dsp-mgr: add support for subsystem restart
330c382 ASoC:[Backported msm-4.4r9] wcd-spi: add support to read requested section of memory
bc933cc ASoC:[Backported msm-4.4r9] wcd_cpe_core: add arch_setup_dma_ops call
67d6195 ASoC:[Backported msm-4.4r9] wcd9xxx: check impedance index before use
cb875da ASoC:[Backported msm-4.4r9] codecs: fix edid error when hdmi ops is null
e585c61 ASoC:[Backported msm-4.4r9] wcd: change classh settings as per impedance value
f349a0b ASoC:[Backported msm-4.4r9] wcd9335: Configure DMIC clock rate for ECPP path
a5568c7 ASoC:[Backported msm-4.4r9] wcd9335: Add support to enable low power mode on codec
fe11232 ASoC:[Backported msm-4.4r9] wcd-spi: SPI driver for WCD audio codecs
273d3f2 ASoC:[Backported msm-4.4r9] wcd_dsp_mgr: Add the WCD DSP manager driver
351867c ASoC:[Backported msm-4.4r9] wcd-dsp-utils: Add utilities for wcd dsp
abfc45f ASoC:[Backported msm-4.4r9] wcd9335: Changes to support CPE session using EC PP path
f33d388 ASoC:[Backported msm-4.4r9] wcd9335: Add dapm ignore suspend for backend dais
5bab6c4 ASoC:[Backported msm-4.4r9] wcd9335: don't check for HPHL and HPHR for mono headset
574da7a ASoC:[Backported msm-4.4r9] audio-ext-clk: check for null pointer de-reference
80e5299 ASoC:[Backported msm-4.4r9] wcd9335: add all child devices of codec
784fdc7 ASoC:[Backported msm-4.4r9] wcd9335: Remove pop on bring-up of noise cancelling headset
c53874b ASoC:[Backported msm-4.4r9] wcd9335: Update codec driver probe sequence
dfb872f ASoC:[Backported msm-4.4r9] wcd9335: Fix traversing of source dapm widgets
461f59c ASoC:[Backported msm-4.4r9] wcd9335: Infinite loop when routing DMIC for handset ANC
2b6269d ASoC:[Backported msm-4.4r9] wcd9335: Adjust DMIC clock based on sample rate
497ed24 ASoC:[Backported msm-4.4r9] wcd: set pointer to null after kfree
bf28bf1 ASoC:[Backported msm-4.4r9] wcd9335: Fix race during codec master clock (mclk) enablement
e8b3695 ASoC:[Backported msm-4.4r9] wcd9335: add handset speaker gain mixer control
f3ac244 ASoC:[Backported msm-4.4r9] wcd9335: reduce speaker teardown latency
f4a5141 ASoc:[Backported msm-4.4r9] wcd9335: correct native playback widget on msmcobalt
5cf91c5 ASoC:[Backported msm-4.4r9] wcd9335: Add 24bit record support
9b5c80e arm64: cache: change ARCH_DMA_MINALIGN and L1_CACHE_SHIFT values
9d21de6 UPSTREAM: udp: properly support MSG_PEEK with truncated buffers
78ff6cf UPSTREAM: arm64: Allow hw watchpoint of length 3,5,6 and 7
77068d9 BACKPORT: arm64: hw_breakpoint: Handle inexact watchpoint addresses
8c4776f UPSTREAM: arm64: Allow hw watchpoint at varied offset from base address
c1f77b0 BACKPORT: hw_breakpoint: Allow watchpoint of length 3,5,6 and 7
f56faf2 sched/deadline: Make CPU heap faster avoiding real swaps on heapify
ee6bf0d sched/deadline: Unify dl_time_before() usage
4b0aa73 sched/deadline: Refactor CPU heap code
9908c1e sched/deadline: Fix wrap-around in DL heap
f6624d7 proc: Set androidboot.verifiedbootstate=green
03f33334 Revert "proc: Remove verifiedbootstate flag from /proc/cmdline"
8053363 config: marlin: Turn off WALT by default
9ad01dd sched/core: Fix PELT jump to max OPP upon util increase

project libcore/
c55ce33 Fix URL parser may return wrong host name

project packages/apps/Bluetooth/
379e7b6 Remove MANAGE_DOCUMENTS permission as it isn't needed

project packages/apps/CertInstaller/
1ad3b1e WifiInstaller: add permission for access downloaded files
1166ca8 WifiInstaller: remove the installation file

project packages/apps/ContactsCommon/
80822d7 resolve merge conflicts of 9f523b4 to nyc-dev

project packages/apps/Messaging/
3f98211 32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap->Colors[colorIndex]
8ba22b4 33388925 Mismatched new vs delete in framesequence library
1bb11f3 resolve merge conflicts of eafd58a to nyc-dev
13f739b 32807795 Security Vulnerability - AOSP Messaging App: thirdparty can attach private files from "/data/data/com.android.messaging/" directory to the messaging app.
86e5bf5 32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so

project packages/apps/PackageInstaller/

project packages/apps/Settings/
423091f Settings: Expose "ALL" hardcoded and @android colors
ed510a0 Settings: Expose and add tint mode to custom icons
ada95d3 Settings: Expose styles in the manifest for themes
42c30d3 Settings: Guard against themes without colorAccent defined

project packages/apps/UnifiedEmail/
1fc7b01 Don't allow file attachment from /data through GET_CONTENT.

project packages/services/Telephony/
38b45bb Catch SIP exceptions which can crash Phone process on answer.

project system/sepolicy/
54a3eec label /bugreports

project vendor/moto/
a4703c1 Shamu: Update blobs to Android 7.1.1 (N6F26U)